Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Security

SkiifGeek's Journal: Microsoft's December Patches

Journal by SkiifGeek

Coming as somewhat of a surprise, Microsoft released seven patches with their December Security Patch Update. Even though most patches were only rated as Important, almost all patches do have an arbitrary code execution component for at least some end users. This will raise the criticality of some patches to Critical for those specific users. The unexpected patch was for the Windows Media Format, though there is some outstanding dispute over the actual criticality of the affected components and the extent / availability of public exploit code.

Proof of concept code has been made available for at least one of the recent arbitrary code execution vulnerabilities associated with Microsoft Word (there are at least two), and the ISC has identified that Microsoft Office (Mac) was updated quietly today as well, including at least one security fix in the update.

Detailed vulnerability reports and exploit code are starting to surface for the patched vulnerabilities, as well as what appears to be opportunistic attacks by unrelated attackers (according to the ISC there is a massive spike in attacks exploiting an historic Symantec Antivirus vulnerability).

This discussion has been archived. No new comments can be posted.

Microsoft's December Patches

Comments Filter:

% APL is a natural extension of assembler language programming; ...and is best for educational purposes. -- A. Perlis

Working...